
313 matches found

Patchstack
added 2015/01/13 12:0 a.m. | 21 views

WordPress mTouch Quiz Plugin <= 3.0.6 - SQL Injection

Because of this vulnerability in question.php, the attackers can execute arbitrary SQL commands via the "quiz" parameter to wp-admin/edit.php. Solution Update the plugin...

7.5 CVSS | 6.5 AI score | 0.0234 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2014/11/24 11:0 a.m. | 44 views

CVE-2014-7833

CVE-2014-7833 affects Moodle releases up to 2.7.3, where mod/data/edit.php changes set a group ID to zero after a database-entry change. This behavior can allow remote authenticated users to disclose sensitive information by viewing the database after a teacher edits data. The root cause is descr...

4 CVSS | 5.7 AI score | 0.01674 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2014/07/29 10:0 a.m. | 26 views

CVE-2014-3546

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...

5.8 AI score | 0.014 EPSS
Exploits 0 | References 3
Cvelist
added 2014/07/02 6:0 p.m. | 21 views

CVE-2014-4600

Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter...

5.9 AI score | 0.01618 EPSS
Exploits 1 | References 2
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27123/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 40 views

Saurus CMS 4.7.1 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1. Author: Janek Vind waraxe Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability

No description provided by source. Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Link Bid Script 1.5 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. + Link Bid Script 1.5 Multiple Remote SQL Injection + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Remote SQL Injection - Note : For PoC 2 you need administrative rights. Po...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit

No description provided by source. #!/usr/bin/perl =starting SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit by athos - stakerathotmaildotit download on sourceforge File edit.php...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 23 views

php-addressbook 3.1.5 - (edit.php) SQL Injection Vulnerability

No description provided by source. php-addressbook v3.1.5 (edit.php) SQL Injection Vulnerability. Author: Hussin X. Home: www.iq-ty.com. Email: darkangelg85atYahoodotcom. script :...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

WordPress 1.2 edit.php s Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Online Contact Manager 3.0 edit.php id Parameter XSS

No description provided by source...

7.1 AI score
Exploits 0
Prion
added 2014/04/01 3:25 a.m. | 21 views

Sql injection

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsid parameter to news/send.php, (2) threadid parameter to posts/edit.php, or (3) useremail parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT...

7.5 CVSS | 8.9 AI score | 0.02661 EPSS
Exploits 7 | References 7 | Affected Software 1
Prion
added 2014/04/01 3:24 a.m. | 24 views

Sql injection

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...

7.5 CVSS | 8.8 AI score | 0.02661 EPSS
Exploits 7 | References 4 | Affected Software 1
CVE
added 2014/04/01 12:0 a.m. | 68 views

CVE-2013-5640

Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...

7.5 CVSS | 8.4 AI score | 0.02368 EPSS
Exploits 6 | References 4 | Affected Software 1
Prion
added 2014/01/17 3:18 p.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

4.3 CVSS | 5.8 AI score | 0.01854 EPSS
Exploits 6 | References 3 | Affected Software 1
Cvelist
added 2014/01/17 3:0 p.m. | 29 views

CVE-2013-7243

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

6.1 AI score | 0.01854 EPSS
Exploits 2 | References 3
0day.today
added 2013/07/16 12:0 a.m. | 87 views

Saurus CMS 4.7.1 Multiple Vulnerabilities

Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities. Saurus CMS 4.7.1 LFI / RFI / XSS / SQL Injection /...

7.2 AI score
Exploits 0
Prion
added 2013/04/18 11:33 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field...

4.3 CVSS | 6.2 AI score | 0.00966 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2013/04/18 10:0 a.m. | 46 views

CVE-2013-1749

CVE-2013-1749: A cross-site scripting (XSS) flaw is present in edit.php of PHP Address Book 8.2.5, allowing user-assisted remote attackers to inject arbitrary script or HTML via the Address field. The issue is tied to how input in the Address field is handled, enabling script injection in context...

4.3 CVSS | 5.9 AI score | 0.00966 EPSS
Exploits 1 | References 1 | Affected Software 1